[Snort-sigs] SID 793

Steven Alexander alexander.s at ...1565...
Mon Jun 9 14:53:10 EDT 2003


Rule:  
VIRUS OUTBOUND .vbs file attachment
--
Sid:

793

--
Summary:
An email message was sent that may contain a virus.

--
Impact:

Possible system compromise or denial of service to the receiving system

--
Detailed Information:

This signature looks for an email message that is sent with a file
attachment whose name ends in ".vbs".  VBS files are visual basic
scripts and can contain malcious code such as worms, viruses or trojans.

--
Affected Systems:

Microsoft Windows
--
Attack Scenarios:

Worms/viruses are usually sent by hosts that are already infected.  

--
Ease of Attack:
Simple

--
False Positives:

Possible.

--
False Negatives:

None known.
--
Corrective Action:

Use anti-virus software.  If possible, configure your email server to
block attachments with extensions such as ".vbs", ".exe", and ".com".


--
Contributors:
Documentation - Steven Alexander<alexander.s at ...1565...>
-- 
Additional References:









More information about the Snort-sigs mailing list